Include Log4jPatcher javaagent (#2148)

2023-05-28 18:38:54 +02:00 · 2023-05-28 18:38:54 +02:00 · bab381d058
parent b64cf0b84f
commit bab381d058
2 changed files with 12 additions and 0 deletions
--- a/2
+++ b/2
@ -70,6 +70,8 @@ COPY --chmod=644 files/log4j2.xml /image/log4j2.xml
 COPY --chmod=644 files/cf-exclude-include.json /image/cf-exclude-include.json
 COPY --chmod=755 files/auto /auto

+RUN curl -fsSL -o /image/Log4jPatcher.jar https://github.com/CreeperHost/Log4jPatcher/releases/download/v1.0.1/Log4jPatcher-1.0.1.jar
+
 RUN dos2unix /start* /auto/*

 ENTRYPOINT [ "/start" ]
--- a/scripts/start-finalExec
+++ b/scripts/start-finalExec
@ -77,6 +77,16 @@ if ${useFallbackJvmFlag}; then
  JVM_OPTS="-Dlog4j2.formatMsgNoLookups=true ${JVM_OPTS}"
 fi

+if versionLessThan 1.7; then
+  : # No patch required here.
+elif versionLessThan 1.18.1; then
+  if isTrue ${SKIP_LOG4J_PATCHER:-false}; then
+    log "Skipping Log4jPatcher, make sure you are not affected"
+  else
+    JVM_OPTS="-javaagent:/image/Log4jPatcher.jar ${JVM_OPTS}"
+  fi
+fi
+
 if isTrue ${ENABLE_ROLLING_LOGS:-false}; then
  if ! ${canUseRollingLogs}; then
    log "ERROR: Using rolling logs is currently not possible in the selected version due to CVE-2021-44228"